Hi Cristoffer, I like the way you synthesize the architecture design using the terms of the industry!
Regarding your infrastructure, you seem to have the following:

********** Incoming msg **********

f       D M Z        f   I N T E R N A L
i            notif   i
r ---> AMQ --------- r --> A
e          <-------- e <-- M <--------> system
w             get    w     Q  notif&get
a                    a
l                    l
l                    l

The security team here doesn't like those incoming ports. They talk about risks related to incoming JMS requests forged to exploit a weakness in the protocol implementation. I know they are low since they are built up and sent from a trusted system (vs. sent from an external system). The risk is more about someone who breaks into a system in the DMZ *then* tries to exploit weaknesses in the protocol implementation.

I'll take a look at what this port gives access to. If only limited functionalities are exposed (e.g. only receiving notifications vs. requests for writing messages in queues), your architecture may be able to satisfy my security team's needs.

Btw, relating my needs to your own experience was helpful. Thank you Christoffer!

--
View this message in context: http://servicemix.396122.n5.nabble.com/Network-of-brokers-Shared-database-in-master-master-mode-tp5721581p5721583.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
